Python Foundation Adopts SPDX for Software Bill of Materials – SPDX
By podence · 2025-10-31 · via SPDX

The Python Software Foundation has taken a significant step forward in software supply chain transparency by including SPDX-format Software Bills of Materials (SBOMs) with their official Python releases.

Starting with 3.14, released earlier this week, all distribution packages available on the official download page now include accompanying SPDX SBOMs. These machine-readable documents provide a detailed inventory of the software components, including cryptographic checksums for verification purposes.

While the current implementation uses SPDX v2.3 format and focuses primarily on component identification and integrity verification through checksums, this represents an important milestone for both the Python ecosystem and the broader adoption of SPDX standards.
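As an added example that is not part of this article or of the PSF's release tooling, the script below builds a minimal SPDX 2.3 JSON document for a set of constructed artifact files and then checks each listed package's SHA256 against the file on disk, reporting a mismatch after one artifact is altered. The artifact names, contents and the SBOM itself are constructed for illustration, not the real CPython release files or their SBOMs.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed artifact contents (not real CPython bytes); the SBOM is built from them.
ARTIFACTS = {"Python-3.14.0.tar.xz": b"constructed source archive\n",
             "python-3.14.0-amd64.exe": b"constructed windows installer\n"}

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:  # stream so large archives stay out of memory
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_sbom(artifact_dir):
    """Minimal SPDX 2.3 JSON document: one package per artifact, SHA256 only."""
    packages = [{
        "name": p.name, "SPDXID": f"SPDXRef-PACKAGE-{i}", "versionInfo": "3.14.0",
        "downloadLocation": "NOASSERTION", "filesAnalyzed": False, "packageFileName": p.name,
        "checksums": [{"algorithm": "SHA256", "checksumValue": sha256_file(p)}],
    } for i, p in enumerate(sorted(Path(artifact_dir).iterdir()))]
    return {"spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT",
            "name": "constructed-python-release-sbom", "packages": packages}

def verify_sbom(sbom_json, artifact_dir):
    """Return {package name: 'ok' | 'MISMATCH' | 'missing' | 'no-sha256'}."""
    report = {}
    for pkg in json.loads(sbom_json).get("packages", []):
        expected = next((c["checksumValue"].lower() for c in pkg.get("checksums", [])
                         if c.get("algorithm") == "SHA256"), None)
        path = Path(artifact_dir, pkg.get("packageFileName", pkg["name"]))
        if expected is None:
            report[pkg["name"]] = "no-sha256"  # nothing to verify against
        elif not path.is_file():
            report[pkg["name"]] = "missing"
        else:
            report[pkg["name"]] = "ok" if sha256_file(path) == expected else "MISMATCH"
    return report

def demo():
    # Verify clean artifacts, then append bytes to one and verify again.
    with tempfile.TemporaryDirectory() as d:
        for name, data in ARTIFACTS.items():
            Path(d, name).write_bytes(data)
        sbom_json = json.dumps(build_sbom(d))
        clean = verify_sbom(sbom_json, d)
        tampered = Path(d, "Python-3.14.0.tar.xz")
        tampered.write_bytes(tampered.read_bytes() + b"injected\n")
        return clean, verify_sbom(sbom_json, d)
```

The SBOM only attests to what its author hashed, so the document itself still has to be fetched from a trusted location (and, where offered, signature-checked) before its checksums mean anything.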

“This is a huge win for supply chain security and transparency,” said SPDX Steering Committee Chair Rose Judge. “By providing standardized SBOMs in SPDX format, Python is making it easier for organizations to understand and verify what’s included in their software dependencies.”

The inclusion of SPDX SBOMs with one of the world’s most popular programming languages demonstrates the growing industry recognition of SPDX as the standard format for software bill of materials. This move will likely encourage other major open source projects to follow suit.

The SPDX SBOMs are available alongside the software distribution formats, including source archives (.tar.gz and .tar.xz) and platform-specific installers for Windows, macOS, and Android systems.